Public-Private Partnerships in the Netherlands Gijs Peeters, National Cyber Security Centre (NCSC-NL) Advisor International Relations & PPPs 29 January 2019 ENISA NLO Meeting
Public-Private Partnerships in the Netherlands Strengthening our digital resilience together Gijs Peeters Advisor International Relations & PPPs NCSC-NL PPPs in the Netherlands | 29-01-2019
Content -PPP: the Dutch way -Ambition: a nationwide network of partnerships › ISAC ’ s › CSIRT ’ s › Regional ecosystems -Challenges -Role of ENISA in stimulating PPPs PPPs in the Netherlands | 29-01-2019
PPP – the Dutch approach Resilience potential Resilience potential Collective resilience capacity Individual resilience Individual resilience capacity capacity Trust = Value PPPs in the Netherlands | 29-01-2019
National Cyber Security Agenda “ A nationwide network of cybersecurity partnerships will be created within which information about cybersecurity can be shared between public and private parties more widely, effeciently and effectively. The aim of this network is to strengthen the capabilities of public and private parties.” PPPs in the Netherlands | 29-01-2019
A nationwide network of cybersecurity partnerships ISAC ’ s Chair and co-chair from sector • Sector in the lead, NCSC faciltates ISACs and • brings in expertise (2 roles) Public sector DTC AIVD NCSC MoD THTC PPS Tactical information exchange PPPs in the Netherlands | 29-01-2019
How to set up an ISAC? PPPs in the Netherlands | 29-01-2019
Further growth of an ISAC? PPPs in the Netherlands | 29-01-2019
Baseline Information sharing Analysis Action Capability Capability Capability Capability L3 cluster: cluster: cluster: cluster: Baseline Information Analysis Action Sharing Generic ISAC core ISAC core Suggested L2 Cooperation capability capability capability L1 L0 PPPs in the Netherlands | 29-01-2019
Baseline Information sharing Analysis Action L3 Level 3 : mature, holistic working, ISAC ’ s cooperate, explicit societal benefits Level 2 : purposeful working, ISAC operates as one, explicit sectoral benefits L2 L1 Level 1 : structured working, explicit individual and collective benefits Level 0 : ad hoc working, individual benefits, implicit sectoral and societal benefits L0 PPPs in the Netherlands | 29-01-2019
Baseline Information sharing Analysis Action Strategy & Way of working Information Situational Information Lessons learned : planning Composition as structure : awareness : Follow-up & management : Strategic ISAC mandated required by Information Predictive actions : Automatic data forecasting to act by C-level agenda sharing analysis Focussed on public collection & International L3 Long-term SOPs standards and International resilience (e.g. joint reporting (e.g. sharing of Roadmap Advanced protocols (e.g. situational statements) CTI) lessons learned Communication agreements STIX and TAXII) awareness Situational Strategy & awareness : Information Follow-up & planning From qualitative Information structure : actions : Shared R&D management : to quantitative Information Focussed on Way of working Medium-term Structured data Cross-sectoral Lessons learned : NCSC/CERT sharing with sectoral resilience Roadmap L2 collection and and national Trend analysis operational and (e.g. collaborative Analyst Structural reporting situational strategic levels procurement) budget awareness Strategy & Lessons Way of working Information Follow-up & planning learned : Situational NCSC Account structure : actions : Development Cross-sectoral awareness : holder Norms and Information Bilateral initiatives and action plan learning Sectoral (e.g. shared Rules of templates for management : (short-term) (ambering) situational research, supply Engagement, information Information L1 Benchmark Supply chain awareness competencies sharing (also chain analysis) Sharing Platform Ad-hoc co- learning report and training beyond ISACs) Annual bulletin financing (greening) Strategy & Way of working planning Membership Information Situational Support for guidelines Information Follow-up & structure : awareness : common goal of TLP management : actions : Information Individual ISAC Lessons learned : L0 ISAC (Co)chair, NCSC Free-format, ad Focussed on sharing between members and Incident analysis In-kind secretary and hoc individual resilience ISAC members NCSC contributions representatives
Network of CERTs Network of CERT’s DTC NCSC AIVD Operational information OM MIVD exchange /DCC THTC Public sector
Regional ecosystems CYSSEC DTC FERM NCSC Expertise and advise Public sector
A nationwide network of cybersecurity partnerships ISAC ’ s Regional Ecosystems CERT ’ s Tactical information Expertise and advise Operational information PPPs in the Netherlands | 29-01-2019 Public sector
ENISA and PPPs We welcome support of ENISA for ISACs,; • Important to connect to existing structures; • (European) ISACs are not a goal in itself; • We would like to invite ENISA to also support MS in setting up • national PPP structures. PPPs in the Netherlands | 29-01-2019
Thank you, questions? Gijs.peeters@ncsc.nl PPPs in the Netherlands | 29-01-2019
Recommend
More recommend
